rndc addzone, global allow-new-zones, 'file not found'
Hello there,

I'm currently experiencing a bit of a problem with the experimental addzone stuff. I'm on 9.9.3-P2.

I've set allow-new-zones to yes in options, and toggled permit-empty-zones around to no avail.

My problem is that a simple addzone fails by either complaining that the file parameter is lacking (when not specifying one), or not being able to access the file (if specified):

# rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master;};'; tail /var/log/messages -n 2
rndc: 'addzone' failed: failure
Dec 11 10:00:31 named[21120]: received control channel command 'addzone metazone. {type master;};'
Dec 11 10:00:31 named[21120]: zone 'metazone.': 'file' not specified

# rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master; file "master/metazone.zone";};'; tail /var/log/messages -n 4
rndc: 'addzone' failed: file not found
Dec 11 10:01:15 named[21120]: received control channel command 'addzone metazone. {type master; file "master/metazone.zone";};'
Dec 11 10:01:15 named[21120]: zone metazone/IN: loading from master file master/metazone.zone failed: file not found
Dec 11 10:01:15 named[21120]: zone metazone/IN: not loaded due to errors.
Dec 11 10:01:15 named[21120]: addzone failed; reverting.

From my understanding, though, the relevant configuration options should allow creating new zones on the fly?

Any hints? (I'm a bit wary of wading through the code.)

-towo
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone, global allow-new-zones, 'file not found'
Tobias Wolter wrote:
>
> # rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master; file "master/metazone.zone";};'; tail /var/log/messages -n 4
> rndc: 'addzone' failed: file not found
> Dec 11 10:01:15 named[21120]: received control channel command 'addzone metazone. {type master; file "master/metazone.zone";};'
> Dec 11 10:01:15 named[21120]: zone metazone/IN: loading from master file master/metazone.zone failed: file not found
> Dec 11 10:01:15 named[21120]: zone metazone/IN: not loaded due to errors.
> Dec 11 10:01:15 named[21120]: addzone failed; reverting.

You need to create the master file (with valid zone contents) before running rndc addzone.

Tony.
--
f.anthony.n.finch http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
Re: rndc addzone, global allow-new-zones, 'file not found'
In message <2013120257.60d3bb74@loki>, Tobias Wolter writes:
>
> Hello there,
>
> I'm currently experiencing a bit of a problem with the experimental addzone stuff. I'm on 9.9.3-P2.
>
> I've set allow-new-zones to yes in options, and toggled permit-empty-zones around to no avail.
>
> My problem is that a simple addzone fails by either complaining that the file parameter is lacking (when not specifying one), or not being able to access the file (if specified):
>
> # rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master;};'; tail /var/log/messages -n 2
> rndc: 'addzone' failed: failure
> Dec 11 10:00:31 named[21120]: received control channel command 'addzone metazone. {type master;};'
> Dec 11 10:00:31 named[21120]: zone 'metazone.': 'file' not specified
>
> # rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master; file "master/metazone.zone";};'; tail /var/log/messages -n 4
> rndc: 'addzone' failed: file not found
> Dec 11 10:01:15 named[21120]: received control channel command 'addzone metazone. {type master; file "master/metazone.zone";};'
> Dec 11 10:01:15 named[21120]: zone metazone/IN: loading from master file master/metazone.zone failed: file not found
> Dec 11 10:01:15 named[21120]: zone metazone/IN: not loaded due to errors.
> Dec 11 10:01:15 named[21120]: addzone failed; reverting.
>
> From my understanding, though, the relevant configuration options should allow creating new zones on the fly?
>
> Any hints? (I'm a bit wary of wading through the code.)

Yes, create the initial zone contents and put it in master/metazone.zone.

Mark

> -towo
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: rndc addzone, global allow-new-zones, 'file not found'
On Wed, 11 Dec 2013 10:54:30 + Tony Finch wrote:
> Tobias Wolter wrote:
> >
> > # rndc -s localhost -c ~/rndc-localhost.conf addzone metazone. '{type master; file "master/metazone.zone";};'; tail /var/log/messages -n 4
> > rndc: 'addzone' failed: file not found
> > Dec 11 10:01:15 named[21120]: received control channel command 'addzone metazone. {type master; file "master/metazone.zone";};'
> > Dec 11 10:01:15 named[21120]: zone metazone/IN: loading from master file master/metazone.zone failed: file not found
> > Dec 11 10:01:15 named[21120]: zone metazone/IN: not loaded due to errors.
> > Dec 11 10:01:15 named[21120]: addzone failed; reverting.
>
> You need to create the master file (with valid zone contents) before running rndc addzone.

Thank you. I know this approach works, but I was under the impression it also works by dynamically making a zone available without needing to create a zone file.

It's a bit of a luxury problem, I know, but that'd actually be rather helpful in my zone replication use case here...

-towo
Re: rndc addzone, global allow-new-zones, 'file not found'
On Wed, 11 Dec 2013 22:01:02 +1100 Mark Andrews wrote:
> create the initial zone contents and put it in master/metazone.zone.

Thanks, I feared that that was a necessary step.

No way around that requirement by built-in means, then?

-towo
Re: rndc addzone, global allow-new-zones, 'file not found'
In message <20131211120707.11028b38@loki>, Tobias Wolter writes:
>
> On Wed, 11 Dec 2013 22:01:02 +1100
> Mark Andrews wrote:
>
> > create the initial zone contents and put it in master/metazone.zone.
>
> Thanks, I feared that that was a necessary step.
>
> No way around that requirement by built-in means, then?

No.

> -towo
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Delegation and Forwarding
I'm a bit confused on the need for a blank forwarders statement inside of a zone statement in the named.conf file. Given an internal zone on a recursive server with global forwarders, what are the situations which would require me to code a blank forwarders statement inside of a zone statement in a named.conf? I have internal zones which 1) do not delegate children, 2) delegate children on the same server, and delegate children on different servers (and different versions of bind). I know that delegation is not affected on servers without global forwarders. The documentation around this is not clear (at least to me).

Is there a difference if the parent is local and the child is forwarded? (or both forwarded but to different addresses?)

Thanks,

Bob
Re: Delegation and Forwarding
The basic answer is that you use null forwarders for any domains that you want to turn off the global forwarders. If you have a global forwarder and then you have bob.com with a null forwarder, bob.com and the domains below it will follow delegation.

On Dec 11, 2013 7:10 AM, "Bob McDonald" wrote:
> I'm a bit confused on the need for a blank forwarders statement inside of a zone statement in the named.conf file. Given an internal zone on a recursive server with global forwarders, what are the situations which would require me to code a blank forwarders statement inside of a zone statement in a named.conf? I have internal zones which 1) do not delegate children, 2) delegate children on the same server, and delegate children on different servers (and different versions of bind). I know that delegation is not affected on servers without global forwarders. The documentation around this is not clear (at least to me).
>
> Is there a difference if the parent is local and the child is forwarded? (or both forwarded but to different addresses?)
>
> Thanks,
>
> Bob
rndc refresh fails for signed zones
Hi!

# named -V
BIND 9.9.3-rl.13204.02-P2

I have configured slave zones with inline signing:

zone "mydomain.at" {
    type slave;
    file "/etc/bind/mydomain.at";
    masters { 1.2.3.4; };
    key-directory "/etc/bind/keys";
    auto-dnssec maintain;
    inline-signing yes;
    allow-transfer { 5.6.7.8; };
    also-notify { 5.6.7.8; };
};

# rndc refresh mydomain.at
rndc: 'refresh' failed: failure
not a slave or stub zone

For normal slave zones (unsigned) it works fine. Is this a known bug? Where can I open a bug report? Any workarounds?

Thanks
Klaus
Re: rndc refresh fails for signed zones
Same problem with:

# named -V
BIND 9.9.4-P1

On 11.12.2013 13:39, Klaus Darilion wrote:
> Hi!
>
> # named -V
> BIND 9.9.3-rl.13204.02-P2
>
> I have configured slave zones with inline signing:
>
> zone "mydomain.at" {
>     type slave;
>     file "/etc/bind/mydomain.at";
>     masters { 1.2.3.4; };
>     key-directory "/etc/bind/keys";
>     auto-dnssec maintain;
>     inline-signing yes;
>     allow-transfer { 5.6.7.8; };
>     also-notify { 5.6.7.8; };
> };
>
> # rndc refresh mydomain.at
> rndc: 'refresh' failed: failure
> not a slave or stub zone
>
> For normal slave zones (unsigned) it works fine. Is this a known bug? Where can I open a bug report? Any workarounds?
>
> Thanks
> Klaus
Re: rndc refresh fails for signed zones
> Hi!
>
> # named -V
> BIND 9.9.3-rl.13204.02-P2
>
> I have configured slave zones with inline signing:
>
> zone "mydomain.at" {
>     type slave;
>     file "/etc/bind/mydomain.at";
>     masters { 1.2.3.4; };
>     key-directory "/etc/bind/keys";
>     auto-dnssec maintain;
>     inline-signing yes;
>     allow-transfer { 5.6.7.8; };
>     also-notify { 5.6.7.8; };
> };
>
> # rndc refresh mydomain.at
> rndc: 'refresh' failed: failure
> not a slave or stub zone
>
> For normal slave zones (unsigned) it works fine. Is this a known bug?
> Where can I open a bug report? Any workarounds?

I believe that only the master can sign the zone.
Also, also-notify does not make much sense for a slave.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
Re: rndc refresh fails for signed zones
> > For normal slave zones (unsigned) it works fine. Is this a known bug?
> > Where can I open a bug report? Any workarounds?

Bug reports can go to bind9-b...@isc.org.

> I believe that only the master can sign the zone.
> Also, also-notify does not make much sense for a slave.

With inline-signing, slaves can sign, and in a hidden master setup, it makes sense for them to send notifies.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: rndc refresh fails for signed zones
In article , sch...@adi.com (Thomas Schulz) wrote:
> Also, also-notify does not make much sense for a slave.

A permissible configuration is one where A transfers from B, and B transfers from C. It then makes sense for C to notify B, and B to notify A.

--
Barry Margolin
Arlington, MA
Re: Delegation and Forwarding
-Original Message-
From: Bob McDonald
Date: Wednesday, December 11, 2013 7:10 AM
To: "bind-users@lists.isc.org"
Subject: Delegation and Forwarding

> I'm a bit confused on the need for a blank forwarders statement inside of a zone statement in the named.conf file. Given an internal zone on a recursive server with global forwarders, what are the situations which would require me to code a blank forwarders statement inside of a zone statement in a named.conf? I have internal zones which 1) do not delegate children, 2) delegate children on the same server, and delegate children on different servers (and different versions of bind). I know that delegation is not affected on servers without global forwarders. The documentation around this is not clear (at least to me).

empty forwarders in zone stanza effectively cancels global forwarders.

from the arm:

"If no forwarders statement is present or an empty list for forwarders is given, then no forwarding will be done for the domain, canceling the effects of any forwarders in the options statement."

so you can assume the same behavior for that zone as if you had no forwarders defined.
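The behaviour described in this thread, written out as a named.conf fragment. This is an added example, not configuration from any of the posters; the zone names, file paths and 192.0.2.x addresses are constructed.

```conf
options {
    recursion yes;
    // Global forwarders: by default every name this server is not
    // authoritative for is sent here, including names in child zones
    // that a local parent zone delegates to other servers.
    forwarders { 192.0.2.53; };
};

// Parent zone served locally. Its zone file delegates
// lab.corp.example to a different server with NS records.
zone "corp.example" {
    type master;
    file "master/corp.example.zone";
    // Empty list: cancels the global forwarders for this domain, so
    // names below it are resolved by following the NS delegation
    // instead of being handed to 192.0.2.53.
    forwarders { };
};

// A child that should be forwarded, but to a different address than
// the global forwarders, gets its own forward zone.
zone "eng.corp.example" {
    type forward;
    forward only;
    forwarders { 192.0.2.99; };
};
```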
Re: rndc refresh fails for signed zones
In message <52a85d1b.2010...@pernau.at>, Klaus Darilion writes: > Hi! > > # named -V > BIND 9.9.3-rl.13204.02-P2 > > I have configured slave zones with inline signing: > > zone "mydomain.at" { > type slave; > file "/etc/bind/mydomain.at"; > masters { 1.2.3.4; }; > key-directory "/etc/bind/keys"; > auto-dnssec maintain; > inline-signing yes; > allow-transfer { 5.6.7.8; }; > also-notify { 5.6.7.8; }; > }; > > > # rndc refresh mydomain.at > rndc: 'refresh' failed: failure > not a slave or stub zone > > > For normal slave zones (unsigned) it works fine. Is this a known bug? > Where can I open a bug report? Any workarounds? You can report bugs to bind9-b...@isc.org. That being said this one is trivial. diff --git a/bin/named/server.c b/bin/named/server.c index e7ea266..4b634f1 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -6729,7 +6729,7 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_result_t ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_result_t result; - dns_zone_t *zone = NULL; + dns_zone_t *zone = NULL, *raw = NULL; const unsigned char msg1[] = "zone refresh queued"; const unsigned char msg2[] = "not a slave or stub zone"; dns_zonetype_t type; 
@@ -6741,6 +6741,12 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { if (zone == NULL) return (ISC_R_UNEXPECTEDEND); + dns_zone_getraw(zone, &raw); + if (raw != NULL) { + dns_zone_detach(&zone); + dns_zone_attach(raw, &zone); + dns_zone_detach(&raw); + } type = dns_zone_gettype(zone); if (type == dns_zone_slave || type == dns_zone_stub) { dns_zone_refresh(zone); > > > Thanks > Klaus > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
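Review bot: the block added after the `zone == NULL` check in ns_server_refreshcommand replaces `zone` with its raw zone but carries no comment saying why, and a reader who has not seen this thread will not know that the type test below is meant to run against the raw side of an inline-signing zone. A one-line comment above `dns_zone_getraw(zone, &raw);` would cover it, and a blank line between the closing brace and `type = dns_zone_gettype(zone);` would keep the swap visually separate from the check. It is also worth confirming whether other per-zone commands in server.c, such as ns_server_notifycommand named in the first hunk header, need the same handling, and adding a test that runs rndc refresh against an inline-signing slave so the "not a slave or stub zone" failure does not come back.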
DDNS update forwarding
Hello folks,

I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send updates based on NS records rather than the SOA record?

Perhaps a better question is: has anyone been bitten by leaving update forwarding disabled?

John
Re: DDNS update forwarding
In message <52a8e44a.1070...@brandeis.edu>, John Miller writes:
> Hello folks,
>
> I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send updates based on NS records rather than the SOA record?

Which is what the update protocol specifies as the default destination to send requests to.

> Perhaps a better question is: has anyone been bitten by leaving update forwarding disabled?

If you have a hidden master and clients that follow the RFC and send to the nameservers then you will need to enable update forwarding.

The exact configuration depends on how you are authenticating updates for the zone. If it is by IP address you will need to configure the update forwarding server to use a similar acl. If you are using TSIG then you can just forward all update requests.

It is off by default as it is the only safe configuration when you don't know how the master is configured not because one shouldn't forward update requests.

Mark

> John
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
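The two cases from the reply above, side by side as named.conf fragments for a hidden master and the slave that forwards updates to it. This is an added example, not configuration from the thread; the zone name, key name, file paths and addresses are constructed, and the secret is a placeholder.

```conf
// ---- Variant A: the master authenticates updates with TSIG ----

// Hidden master (constructed address 192.0.2.1)
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, not a real key
};
zone "campus.example" {
    type master;
    file "master/campus.example.zone";
    allow-update { key "ddns-key"; };      // only signed updates are applied
};

// Slave listed in the NS records (constructed address 192.0.2.2)
zone "campus.example" {
    type slave;
    masters { 192.0.2.1; };
    file "slave/campus.example.zone";
    // The forwarded request still carries the client's TSIG and the
    // master verifies it, so the slave can relay every request.
    allow-update-forwarding { any; };
};

// ---- Variant B: the master authenticates updates by source address ----

acl "ddns-clients" { 198.51.100.0/24; };   // define on both servers

// Hidden master: forwarded updates arrive from the slave's address,
// so 192.0.2.2 has to be allowed here.
zone "campus.example" {
    type master;
    file "master/campus.example.zone";
    allow-update { ddns-clients; 192.0.2.2; };
};

// That makes the slave the enforcement point: anything it relays is
// accepted by the master, so it must apply the same client ACL.
zone "campus.example" {
    type slave;
    masters { 192.0.2.1; };
    file "slave/campus.example.zone";
    allow-update-forwarding { ddns-clients; };   // never "any" here
};
```

In Variant B, a slave left at `allow-update-forwarding { any; };` would turn the master's address check into "anyone who can reach the slave", which is why the option defaults to off.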